Many defense contractors have ignored this regulation until they (1) received something from their prime inquiring about their compliance status, or (2) they received a modification to their current prime or subcontract with the DFARS 252.204-7012 compliance requirement contained in the solicitation requirements. We don't blame them for wanting their prime, or the government, to prove that this requirement applied to their company, but no matter when or how the requirement was enforced, the deadline for [...]

FOR IMMEDIATE RELEASE Techni-Core Welcome's New Team Members! Huntsville, AL - 1 November 2017 1 November 2017 - Techni-Core is pleased to announce the addition of two new Team Members, Jason Burris and Kelly Liles! Jason has over 25 years of information technology and customer service experience, maintains Security+ and A+ certifications, and is a member of ISSA. He is highly skilled in providing an excellent customer experience and loves the challenge of solving a tough [...]

Inquiring minds (and our clients) want to know, is becoming compliant with DFARS 7012 by Dec. 31 the only goal? In simple terms, no - your compliance MUST be maintained. Let's dig into this complex topic. Lifecycle Management of your DFARS 7012 Compliance Think of your compliance as a product. In the government contracting world, you hear the term "lifecycle management" in reference to the management and maintenance of equipment. Proper methodologies and plans [...]

By now, you've probably heard about the WannaCry Ransomware virus sweeping the nation. We've created some tips to keep you safe from this nasty virus. Microsoft released an update on March 14th that patched the vulnerability. If your systems are all up to date then you are protected against last week’s virus. Last week's virus exploited a vulnerability that was patched in that March update. Remember, you must reboot after installing updates for them [...]

FOR IMMEDIATE RELEASE Techni-Core has released the second publication! Huntsville, AL - 25 April 2017 25 April 2017 - Techni-Core has published a second book, "DFARS UCTI Compliance Quick Start Guide for DFARS 252.204-7012, FAR 52.204-21, and NIST 800-171." In this guide, the writers discuss the DFARS 7012 regulation, NIST 800-171 industry best practices contractors are required to implement, and the path to reaching full compliance. Readers will gain an understanding of the time involved in the compliance process [...]

In August 2015, NIST 800-171 listed 62 Non-Federal Organization or NFO controls as "expected." Think of NFO as the controls you should already have in place. The additional 62 NIST controls marked "NFO," are not part of the "mandatory minimum." The Government expects them to be satisfied as part of your existing security policy. NFO items include controls covering every NIST category from Access Controls to Systems and Information Integrity -- they also include [...]

Continuous Monitoring is a piece of the NIST 800-171 rule that frequently gets overlooked as a requirement. There are many reasons for this, but the most frequent is that most companies think, once the security controls are implemented they are compliant. That's not the case. DFARS 252.204-7012 (Implementing NIST 800-171) as well as FAR 52.204-21, once the security controls are implemented, must be maintained. Continuous Monitoring enables information security professionals to see a continuous [...]

While no regulations concerning CUI (controlled unclassified information) have come out yet, they are expected in 2017. Agencies like Homeland Security are already changing their own acquisition regulations. From our perspective as, not only a Defense Contractor but a Compliance Provider, there are certain things we expect to see in those forthcoming regulations. Our expectations are based on a September 2016 National Archives final rule that established a baseline for how contractors and agencies [...]

If you've been involved in the DFARS 252.204-7012 (Implementing NIST 800-171) process you've seen the wording in the regulation requiring a second layer of defense for your systems -- 2-Factor Authentication or Multi-Factor Authentication (you will see it presented either way, but they are the same thing). Multi-Factor Authentication (MFA) is one of the requirements imposed by DFARS 252.204-7012 via NIST SP 800-171. This requirement is familiar to the government network computer users but [...]

DFARS 252.204-7012 (Implementing NIST 800-171) is a hefty regulation to wade through on your own. That's what we're here for! Let's start with the first question burning in your mind, "What is UCTI?" There are two terms thrown around that are synonymous with contact-sensitive, but unclassified information -- UCTI (Unclassified Controlled Technical Information) & CUI (Controlled Unclassified Information). Whether the contact-sensitive information is at rest in your network (data stored in files, databases, emails, [...]